74cmsSE v3.5.1 exists to contain an arbitrary file read vulnerability via the component \index\controller\Download.php.
74cms 74cmsse 3.5.1